The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, the approaches described in this section may not be prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Wi-Fi enabled devices have grown in popularity because of the convenience that they provide to users. For example, many consumer electronics products, such as laptop computers, game consoles, televisions and cameras, are now Wi-Fi enabled, which allows the devices to connect to wireless networks. As used herein, the term “Wi-Fi device” refers to a wireless device that supports the 802.11 standard. Wi-Fi devices must be configured with correct configuration parameter values before they can communicate with wireless access points. For example, a Wi-Fi device must be configured with the security parameters of a particular wireless access point to be able to communicate securely with the wireless access point.
Manually entering configuration data can be a confusing and tedious process for many users. For example, a user may need to enter a MAC address of the user's Wi-Fi device and/or the wireless access point, one or more encryption keys to be used to encrypt communications, as well as a variety of other parameter values. Many users are not familiar with the terminology used to describe certain parameters, and many graphical user interfaces generated by wireless access points are not designed to accommodate novice users. Furthermore, the information must be entered accurately. Even a single error in any of the parameter values can prevent the successful configuration of a Wi-Fi device. For many users, this results in a frustrating experience.
Because of these issues, more automated configuration processes for configuring Wi-Fi devices have been developed. With these automated configuration processes, some or all of the configuration information is automatically exchanged between wireless access points and Wi-Fi devices. This reduces the amount of data that has to be manually entered by users and increases the likelihood of a successful configuration.
One of the issues with automated configuration approaches is that the configuration values exchanged between Wi-Fi devices and wireless access points are susceptible to third party attack. In a “man in the middle attack,” a third party attacker is able to read, insert and modify messages between the two parties at will, without either party knowing that the communications between them have been compromised. This type of attack can foil the use of public-key cryptography, and in particular the Diffie-Hellman key exchange protocol, when it is used without authentication. An authentication method, such as the use of a shared secret known only by the wireless device and the wireless access point, can be used to foil any attacks. For example, a user may be required to enter into a Wi-Fi device a PIN that is used to authenticate the Wi-Fi device. Once the PIN has been authenticated by the wireless access point, the Wi-Fi device can be properly configured.
One problem with this approach is that a Wi-Fi device must generate a PIN and display the PIN to a user on a display during configuration. Then the user enters the PIN into the Wi-Fi device. The use of a shared secret, such as a PIN, complicates the configuration process and prevents fully automated configuration. Furthermore, on headless Wi-Fi devices, i.e., devices without a display, the PIN is static and generally provided to a user via a sticker on the device or documentation that accompanies the device. Using a static PIN makes a device more susceptible to third party attacks.
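The following Python sketch is an added example, not part of the original text. It shows that an unauthenticated Diffie-Hellman exchange completes without error even when a third party has replaced the public values in transit, and that a tag keyed with a shared PIN exposes the replacement. The toy group, the function names and the HMAC-based tag are assumptions made for illustration; this is not the Wi-Fi configuration protocol itself.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption); real systems use a
# standardized group of 2048 bits or more.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def pin_tag(pin, device_pub, ap_pub):
    """MAC that binds the pair of public values one side saw to the PIN."""
    msg = device_pub.to_bytes(16, "big") + ap_pub.to_bytes(16, "big")
    return hmac.new(pin.encode(), msg, hashlib.sha256).digest()

def run_exchange(pin_device, pin_ap, intercept=False):
    """Return (keys_match, authenticated) for one simulated configuration run."""
    d_priv, d_pub = keypair()          # Wi-Fi device
    a_priv, a_pub = keypair()          # wireless access point
    seen_by_ap, seen_by_device = d_pub, a_pub
    if intercept:
        # Both sides receive a value that did not come from their peer.
        _, other_pub = keypair()
        seen_by_ap = seen_by_device = other_pub
    # Without authentication neither side can tell these keys apart from
    # an honest run: both derivations succeed either way.
    keys_match = (session_key(d_priv, seen_by_device)
                  == session_key(a_priv, seen_by_ap))
    # Device tags (its own value, value it received); the access point
    # recomputes the tag from its own view of the exchange.
    tag = pin_tag(pin_device, d_pub, seen_by_device)
    expected = pin_tag(pin_ap, seen_by_ap, a_pub)
    return keys_match, hmac.compare_digest(tag, expected)

if __name__ == "__main__":
    pin = "12345670"  # constructed sample PIN
    print("honest run:      ", run_exchange(pin, pin))
    print("values replaced: ", run_exchange(pin, pin, intercept=True))
    print("wrong PIN:       ", run_exchange(pin, "00000000"))
```

The tag check only holds as long as the PIN is secret and hard to guess, which is why a static PIN printed on a sticker weakens the scheme.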